Stories by Lucian Constantin

Highly critical vulnerability fixed in Nginx Web server software

The development team behind the popular Nginx open-source Web server software released security updates on Tuesday to address a highly critical vulnerability that could be exploited by remote attackers to execute arbitrary code on susceptible servers.

AutoIt scripting increasingly used by malware developers

AutoIt, a scripting language for automating Windows interface interactions, is increasingly being used by malware developers thanks to its flexibility and low learning curve, according to security researchers from Trend Micro and Bitdefender.

Dutchman arrested in connection with large DDoS attack on Spamhaus

A 35-year-old Dutchman was arrested Thursday in Spain, as part of an investigation into a large-scale DDoS (distributed denial-of-service) attack that targeted a spam-fighting organization called the Spamhaus Project in March.

Hackers increasingly target shared Web hosting servers for use in mass phishing attacks

Cybercriminals increasingly hack into shared Web hosting servers in order to use the domains hosted on them in large phishing campaigns, according to a report from the Anti-Phishing Working Group (APWG).

Security of hosted services is top priority for Adobe's first CSO

Adobe Systems has appointed Brad Arkin, the company's senior director of security for products and services, to become its first CSO. With a mature product security program already in place, the top priorities for Adobe's new security chief are to strengthen the security of the company's hosted services and its internal infrastructure.

Recently patched Java flaw already targeted in mass attacks, researchers say

A recently patched Java remote code execution vulnerability is already being exploited by cybercriminals in mass attacks to infect computers with scareware, security researchers warn.

Serious flaw present in latest Java Runtime Environment for desktops and servers, researchers say

Java vulnerability hunters from Polish security research firm Security Explorations claim to have found a new vulnerability that affects the latest desktop and server versions of the Java Runtime Environment (JRE).

One in five data breaches are the result of cyberespionage, Verizon says

Even though the majority of data breaches continue to be the result of financially motivated cybercriminal attacks, cyberespionage activities are also responsible for a significant number of data theft incidents, according to a report that will be released Tuesday by Verizon.

New version of Gozi financial malware bundles MBR rootkit

Researchers from security firm Trusteer have found a new variant of the Gozi banking Trojan program that infects a computer's Master Boot Record (MBR) in order to achieve persistence.

Former LulzSec member gets prison sentence for Sony Pictures hack

Cody Andrew Kretsinger, a 25-year-old man from Decatur, Illinois, was sentenced Thursday to one year in federal prison for his role in a May 2011 breach of a Sony Pictures website and database.

Researchers find malware targeting online stock trading software

Security researchers from Russian cybercrime investigations company Group-IB have recently identified a new piece of malware designed to steal login credentials from specialized software used to trade stocks and other securities online.

DDOS attacks have increased in number and size this year, report says

The volume, duration and frequency of distributed denial-of-service (DDOS) attacks used to flood websites and other systems with junk traffic have significantly increased during the first three months of this year, according to a report released Wednesday by Florida-based DDOS mitigation provider Prolexic.

Java 7 Update 21 to fix bugs, change applet warning messages

Oracle will release a new version of Java on Tuesday that will include 42 security fixes and will make changes to how Web-based Java content will be presented inside browsers.

Twitter OAuth feature can be abused to hijack accounts, researcher says

A feature in the Twitter API (application programming interface) can be abused by attackers to launch credible social engineering attacks that would give them a high chance of hijacking user accounts, a mobile application developer revealed Wednesday at the Hack in the Box security conference in Amsterdam.

Widely used wireless IP cameras open to hijacking over the Internet, researchers say

Thousands of wireless IP cameras connected to the Internet have serious security weaknesses that allow attackers to hijack them and alter their firmware, according to two researchers from security firm Qualys.
